Sr Staff Cyber Security - Red Team Technical Lead | Remote

General Electric Cincinnati, OH 45201

Posted 2 months ago

Job Description: Summary

The Sr Staff Cyber Security Researcher is responsible for delivering controlled threat simulation and services against company assets and partnering with business security teams to drive change. This includes advanced threat replication, Red Team engagements, research, structured attack development, vulnerability research and exploit development / testing, scripting, controlled exploitation of configuration weaknesses and software vulnerabilities, evasion of detection mechanisms and more.

Job Description

Roles and Responsibilities

  • Partner with business IT security teams to drive improvement in IT security as a result of Red Team engagements

  • Lead and execute engagements: defining scope, coordinating attacks, executing tests and reporting findings, following an established methodology in accordance with defined processes

  • Conduct adversary simulation to determine if flaws and exposures can be exploited by unfriendly forces

  • Research, develop, implement, test and document tools, techniques and tactics used by adversaries to compromise and maintain control of information assets

  • Coordinate with other teams in IT Risk in development of threat agent profiles

  • Participate in cross-team Task Forces to drive impact of Cyber Security Research findings as appropriate

  • Actively mentor and develop Cyber Security Researchers

  • Identify and execute projects to drive simplicity and impact of Cyber Security Research efforts

  • Maintain relationships with key partners from a technical operations perspective

Basic Qualifications

  • Bachelor's Degree in Computer Science or a related technical degree and 8 years of professional IT experience (OR Minimum 12 years of professional IT experience)

  • Minimum 3 years of experience in executing Red Team engagements, penetration tests or threat simulation engagements

  • Minimum 2 years of experience in scripting or software development

  • Minimum 2 years of deep, hands-on, technical security experience with at least one of: Wired Network technologies (CISCO routers / switches, Checkpoint), Wireless (WLAN, WIMAX, RFID), Enterprise Storage Systems, UNIX / Linux, Windows / AD, iSeries / zSeries, Database administration, Web applications and Services, Cryptography, Social Engineering and Open Source Intelligence Gathering (OSINT), Mobile platforms, Software Security (Source Code Auditing and Binary Reversing), Systems or OS-native programming (especially Windows), Cloud Administration, Container-based Virtualization

Desired Characteristics

  • Experience leading Red Team Engagements, penetration testing or threat simulation engagements

  • Experience developing exploit code or novel attacks

  • Experience with the command line in Windows and / or Linux

  • Ability to rapidly find, assimilate and synthesize information in pursuit of attacks

  • Extreme resourcefulness with willingness to learn and teach how to characterize adversary tools and techniques, assess and test Company resources, and improve Company defenses

  • Demonstrated ability to compromise complex IT systems / applications in enterprise environments

  • Experience leading threat simulation or penetration testing engagements in an enterprise environment

  • Proven vulnerability analysis skills

  • Excellent communication skills including both verbal and written

  • Hardware / electronics experience

  • Strong track record of understanding and interest in current and emerging technologies demonstrated through training, job experience and / or industry activities

  • Strong team player - collaborates well with others to solve problems and actively incorporates input from various sources

  • Demonstrated customer focus - evaluates decisions through the eyes of the customer and can build strong customer relationships

  • Change oriented - suggests and implements process improvements; supports and drives change, and confronts difficult circumstances in creative ways

  • Ability to read / write foreign languages

Additional Information

GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).

Relocation Assistance Provided: No
